CVE-2018-3613 – edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users

https://notcve.org/view.php?id=CVE-2018-3613

Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. Problema de lógica en el módulo del servicio variable para EDK II/UDK2018/UDK2017/UDK2015 podría permitir que un usuario autenticado escale privilegios, divulgue información y/o provoque una denegación de servicio mediante acceso local. • https://access.redhat.com/errata/RHSA-2019:2125 https://edk2-docs.gitbooks.io/security-advisory/content/authvariable-timestamp-zeroing-on-append_write.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us https://access.redhat.com/security/cve/CVE-2018-3613 https://bugzilla.redhat.com/show_bug.cgi?id=1641433 • CWE-287: Improper Authentication •